What Is ClamXav (and do Mac users really need antivirus)

ClamXav is a free virus checker for Mac OS X. It uses the very popular ClamAV open source antivirus engine to scan mail and attachments. As a testament to its effectiveness, Apple now bundles ClamAV with Mac OS X Server 10.4. Unfortunately for those who are not system administrators, ClamAV is a command line tool, so it isn't user-friendly for the average Mac owner. That's why Mark Allan developed ClamXav. It uses the powerful ClamAV engine and definitions, but adds a more accessible user interface. This article explains how to use ClamXav, and it includes an interview with its developer, Mark Allan.


The open source ClamAV project has enjoyed great success over the years and is relied upon by many large and small companies. This antivirus application is robust and its definitions are regularly updated. Plus, it's free.

So, why not put ClamAV to use on your desktop? After all, anything good enough to clean thousands of emails daily without crashing should prove helpful on a home computer. This is exactly what we are going to do, with a little help from independent developer Mark Allan.

Introducing ClamXav

Since ClamAV is essentially a command-line application, it's not the easiest beast to tame. This is why I'm introducing you to ClamXav, a GUI (Graphical User Interface) built around ClamAV and its scanning engine.

ClamXav is written by Mark Allan, an independent software consultant who wanted to tap into ClamAV's power but didn't like having to work with the command line to do so. While more options are available through the ClamAV command line interface, installing the ClamXav application and relying on its default configuration should provide you with a good degree of security right out of the box.

Downloading and Installing ClamXav

Once you download ClamXav, simply drag the Clam icon onto your Applications folder, or the destination of your choice. You might also want to hang on to the manual and extras that are included in the disk image.

To complete the installation procedure, launch ClamXav from your hard drive. The application will check for the presence of an up-to-date ClamAV engine and, if it does not detect one (which it shouldn't the first time you launch it or after an upgrade), will launch an engine installer for you to use.

The engine installer relies on Apple's very own Installer and will therefore provide you with a familiar interface. Simply click through the procedure, as you would do with any other installer. Once it quits, you're all set to re-launch the ClamXav application one last time from the Finder and start using it! Easy, huh?

Updating ClamXav

Most commercial products never explain the difference between application updates and engine updates, making ClamXav's options seem slightly more complex at first. The engine is basically what does the actual virus scanning, and the application manages the process and interacts with you. For now, unless you have decided to download and compile your own engine, you can let the software guide you as to what to do. Simply update whenever you're asked to; the procedure is always the same.

The ClamAV project updates its engine, along with the definitions, on a regular basis, both for security and functionality reasons. It's up to you to decide whether you want to download and compile your own engine or wait for ClamXav to be updated with the new engine. If you decide to rely on ClamAV for your work computers, it is a good idea to subscribe to a security mailing list to stay current with the updates.

Setting up ClamXav

By default, ClamXav specializes in on-demand scanning, a wise move that provides you with the assurance the application will not start altering your files without your consent. The default mode isn't as comprehensive security-wise as a custom configuration. Therefore, you might want to take a short trip to the preferences window.

The General preferences are mostly self-explanatory. I recommend enabling logging, so that you can keep track of what's happening. Also, keep quarantine disabled, as this option can lead to unexpected movements of data. The choice to scan mail in .mbox files is up to you and will depend on the mail client you use. The new Tiger Mail, for example, no longer relies on this format, but such files may be left over from your Panther installation if you performed a simple upgrade. Monitoring the scan with a progress bar will make for a more visually appealing experience, but unfortunately slows the process down.

While the Proxy settings in the Internet tab depend on your network configuration, I recommend that you update all definitions at launch and check for new versions of both ClamXav and its engine. This will help you stay up-to-date and safe, by not skipping potentially important security updates.

As a side note, ClamXav does not update virus definitions securely: it does not check the signature of the downloaded files. In the unlikely event that it reaches a poisoned or corrupted server, this might cause it to malfunction. If you want to enable that layer of security, you will need to compile your own engine, as explained on the application's website.
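
What checking a definitions file involves, as an added example (not from the original article or from ClamXav): ClamAV's .cvd definition files begin with a 512-byte colon-separated header that carries an MD5 of the payload and a digital signature. The Python below, whose function names and sample data are constructed for illustration, parses that header and checks the digest only; this catches a corrupted download but not a poisoned server that recomputes the digest, which is why the signature check done by the engine matters.

```python
import hashlib

HEADER_LEN = 512  # a CVD file starts with a fixed-size, space-padded text header
FIELDS = ("magic", "build_time", "version", "sig_count", "func_level",
          "md5", "dsig", "builder", "stime")

def parse_cvd_header(blob: bytes) -> dict:
    """Split the colon-separated CVD header into named fields."""
    if len(blob) < HEADER_LEN:
        raise ValueError("file is shorter than the 512-byte CVD header")
    parts = blob[:HEADER_LEN].decode("ascii", "replace").rstrip().split(":")
    if parts[0] != "ClamAV-VDB" or len(parts) < 8:
        raise ValueError("not a CVD header")
    return dict(zip(FIELDS, parts))

def check_cvd(blob: bytes) -> dict:
    """Compare the header's MD5 with the MD5 of everything after the header."""
    hdr = parse_cvd_header(blob)
    actual = hashlib.md5(blob[HEADER_LEN:]).hexdigest()
    return {
        "version": int(hdr["version"]),
        "digest_ok": actual == hdr["md5"].lower(),
        # Presence only: verifying dsig needs ClamAV's public key (not done here).
        "has_signature": bool(hdr["dsig"]),
    }

def make_sample(payload: bytes) -> bytes:
    """Constructed sample: a CVD-shaped file with a placeholder signature field."""
    digest = hashlib.md5(payload).hexdigest()
    head = ("ClamAV-VDB:01 Jan 2005 00-00 +0000:1:0:1:"
            f"{digest}:PLACEHOLDER-SIG:example:0")
    return head.encode("ascii").ljust(HEADER_LEN, b" ") + payload

if __name__ == "__main__":
    good = make_sample(b"constructed signature database payload")
    print("intact file:     ", check_cvd(good))
    print("truncated file:  ", check_cvd(good[:-5]))
    # A server that swaps the payload can also rewrite the digest, so the
    # digest check passes; only the signature would expose the change.
    print("replaced payload:", check_cvd(make_sample(b"replaced payload")))
```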

Schedule preferences will mostly appeal to those who leave their computers on overnight. As they rely on a cron job to do their work, this pane requires that you authenticate, allowing ClamXav to modify the necessary system files.